Decades-old ICSA Labs has launched a program to test and certify IoT products Credit: Thinkstock The thousands of endpoints in IoT systems may have to protect themselves against thousands of dangers. A decades-old IT lab wants to tell you if they’re up to the task.On Wednesday, ICSA Labs announced a program to test the security features of IoT devices and sensors. If the products pass, ICSA will give them a seal of approval. It can also keep testing them periodically to make sure they’re still safe.Consumers and enterprises are wary about security in the Internet of Things, where hardware, software and even use cases are brand new in many cases. Tiny connected devices that run all the time in the background could be vulnerable to completely new kinds of attacks.ICSA will test both consumer and enterprise IoT products, mostly for vendors but also for some large enterprises trying to implement IoT in a secure way, said George Japak, managing director for ICSA Labs. The lab has been owned by Verizon since 2007 but operates mostly on its own, Japak said. It has been testing and certifying a variety of IT products, including VPNs and firewalls, since 1989.The IoT tests will examine six security components to make sure they give adequate protection: alerts and logging, cryptography, authentication, communications, physical security and platform security. Each relevant piece in a product will either pass or fail, and those that fall short will have to go back to the vendor for more work. The program is open for business immediately. It’s not a guarantee of security everywhere a product is used, Japak warned, because it only tests careful lab implementations. Mistakes in the field can render security protections useless.There are other players working on defining security and privacy requirements for IoT, including the Online Trust Alliance, the Industrial Internet Consortium, and the Open Web Application Security Project (OWASP). ICSA is collaborating with them to make sure its tests cover all the requirements they’ve identified, Japak said. Through those groups and other channels, enterprises’ emerging IoT security needs should find their way into ICSA’s testing, he said. Related content news New Trojan ZenRAT masquerades as Bitwarden password manager A report by Proofpoint identifies the new Trojan as undocumented and possessing information-stealing capabilities. By Lucian Constantin Sep 28, 2023 4 mins Cyberattacks Cyberattacks Cyberattacks news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Data and Information Security Security Practices news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe